Method and apparatus for rebuilding data in a dispersed data storage network

ABSTRACT

A method begins a first rebuilder application identifying a data slice having a storage error. The method continues with the first rebuilder application or a second rebuilder application identifying a data segment based on the identified data slice. The method continues with the second rebuilder application identifying one or more other slice servers that are storing other data slices of the encoded data segment. The method continues with the second rebuilder application receiving a sufficient number of the other data slices to reconstruct the data segment and decoding them to reconstruct the data segment. The method continues with the second rebuilder application encoding the reconstructed data segment in accordance with the information dispersal algorithm to produce a new set of data slices and selecting one of them as the rebuild data slice.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present U.S. Utility Patent Application claims priority pursuant to35 U.S.C. §120, as a continuation, to the following U.S. Utility PatentApplication which is hereby incorporated herein by reference in itsentirety and made part of the present U.S. Utility Patent Applicationfor all purposes:

-   -   “Method and Apparatus for Rebuilding Data in a Dispersed Data        Storage Network”, having a filing date of Jul. 25, 2012, and a        serial number of Ser. No. 13/558,008 (Attorney Docket No.        CS00011.01C2), now U.S. Pat. No. 8,464,096, which claims        priority under 35 USC §120 as a continuing patent application to        the following U.S. Utility Patent Application which is hereby        incorporated herein by reference in its entirety and made part        of the present U.S. Utility Patent Application for all purposes:        -   “Method and Apparatus for Rebuilding Data in a Dispersed            Data Storage Network”, having a filing date of Mar. 2, 2010,            and a serial number of Ser. No. 12/716,106 (Attorney Docket            No. CS00011.01C1), which claims priority under 35 USC §120            as a continuing patent application to the following U.S.            Utility Patent Application which is hereby incorporated            herein by reference in its entirety and made part of the            present U.S. Utility Patent Application for all purposes:            -   “Range Based Rebuilder for Use with a Dispersed Data                Storage Network”, having a filing date of Dec. 29, 2009,                and a serial number of Ser. No. 12/648,691 (Attorney                Docket No. CS00011.01), now U.S. Pat. No. 8,352,782,                which claims priority to the following applications                which are hereby incorporated herein by reference in                their entirety and made part of the present U.S. Utility                Patent Application for all purposes:                -   1. Pursuant to 35 U.S.C. §119(e) to U.S. Provisional                    Application No. 61/141,428 (Attorney Docket No.                    CS00011.01), entitled “Range Based Rebuilding for                    Use with a Dispersed Data Storage Network,” filed                    Dec. 30, 2008;                -   2. Pursuant to 35 U.S.C. §120, as a                    continuation-in-part (CIP), to the following U.S.                    Utility Patent Applications:

 a. U.S. Utility Application Ser. No. 11/403,391 (Attorney Docket No.CS00006.04), entitled “System for Rebuilding Dispersed Data,” filed Apr.13, 2006, now U.S. Pat. No. 7,546,427, which is a continuation-in-part(CIP) to U.S. Utility Application Ser. No. 11/241,555 (Attorney DocketNo. CS00006), entitled “Systems, Methods, and Apparatus for SubdividingData for Storage in a Dispersed Data Storage Grid”, filed Sep. 30, 2005,now U.S. Pat. No. 7,953,937; and

 b. U.S. Utility application Ser. No. 12/080,042 (Attorney Docket No.CS00011), entitled “Rebuilding Data on a Dispersed Storage Network,”filed Mar. 31, 2008, which is a continuation-in-part (CIP) to U.S.Utility application Ser. No. 11/973,542 (Attorney Docket No. CS00004),entitled “Ensuring Data Integrity on a Dispersed Storage Network”, filedOct. 9, 2007.

The following applications are also incorporated by reference in theirentirety:

1. U.S. Utility application Ser. No. 11/973,621 (Attorney Docket No.CS00005), entitled

“Virtualized Storage Vaults on a Dispersed Data Storage Network”, filedOct. 9, 2007, now U.S. Pat. No. 7,904,475; and

2. U.S. Utility application Ser. No. 11/973,622 (Attorney Docket No.CS00002), entitled “Smart Access to a Dispersed Data Storage Network”,filed Oct. 9, 2007, now U.S. Pat. No. 8,171,101.

FIELD OF THE INVENTION

The present invention relates generally to systems, apparatus, andmethods for distributed data storage, and more particularly to systems,apparatus, and methods for distributed data storage using an informationdispersal algorithm so that no one location will store an entire copy ofstored data, and more particularly still to systems, apparatus, andmethods for rebuilding data on a dispersed data storage network that hasbeen damaged, compromised or has experienced failure during read andwrite operations.

DESCRIPTION OF THE PRIOR ART

Storing data in digital form is a well-known problem associated with allcomputer systems, and numerous solutions to this problem are known inthe art. The simplest solution involves merely storing digital data in asingle location, such as a punch film, hard drive, or FLASH memorydevice. However, storage of data in a single location is inherentlyunreliable. The device storing the data can malfunction or be destroyedthrough natural disasters, such as a flood, or through a malicious act,such as arson. In addition, digital data is generally stored in a usablefile, such as a document that can be opened with the appropriate wordprocessing software, or a financial ledger that can be opened with theappropriate spreadsheet software. Storing an entire usable file in asingle location is also inherently insecure as a malicious hacker onlyneed compromise that one location to obtain access to the usable file.

To address reliability concerns, digital data is often “backed-up,”i.e., an additional copy of the digital data is made and maintained in aseparate physical location. For example, a backup tape of all networkdrives may be made by a small office and maintained at the home of atrusted employee. When a backup of digital data exists, the destructionof either the original device holding the digital data or the backupwill not compromise the digital data. However, the existence of thebackup exacerbates the security problem, as a malicious hacker canchoose between two locations from which to obtain the digital data.Further, the site where the backup is stored may be far less secure thanthe original location of the digital data, such as in the case when anemployee stores the tape in their home.

Another method used to address reliability and performance concerns isthe use of a Redundant Array of Independent Drives (“RAID”). RAID refersto a collection of data storage schemes that divide and replicate dataamong multiple storage units. Different configurations of RAID provideincreased performance, improved reliability, or both increasedperformance and improved reliability. In certain configurations of RAID,when digital data is stored, it is split into multiple units, referredto as “stripes,” each of which is stored on a separate drive. Datastriping is performed in an algorithmically certain way so that the datacan be reconstructed. While certain RAID configurations can improvereliability, RAID does nothing to address security concerns associatedwith digital data storage.

One method that prior art solutions have addressed security concerns isthrough the use of encryption. Encrypted data is mathematically coded sothat only users with access to a certain key can decrypt and use thedata. Common forms of encryption include DES, AES, RSA, and others.While modern encryption methods are difficult to break, numerousinstances of successful attacks are known, some of which have resultedin valuable data being compromised.

Digitally stored data is subject to degradation over time, although suchdegradation tends to be extremely minor and the time periods involvedtend to be much longer than for analog data storage. Nonetheless, if asingle bit within a file comprised of millions of bits changes from azero to a one or vice versa, the integrity of the file has beencompromised, and its usability becomes suspect. Further, errors occurmore frequently when digital data is transmitted due to noise in thetransmission medium. Various prior art techniques have been devised todetect when a digital data segment has been compromised. One early formof error detection is known as parity, wherein a single bit is appendedto each transmitted byte or word of data. The parity bit is set so thatthe total number of one bit in the transmitted byte or word is eithereven or odd. The receiving processor then checks the received byte orword for the appropriate parity, and, if it is incorrect, asks that thebyte or word be re-sent.

Another form of error detection is the use of a checksum. There are manydifferent types of checksums including classic checksums, cryptographichash functions, digital signatures, cyclic redundancy checks, and theuse of human readable “check digits” by the postal service andlibraries. All of these techniques involve performing a mathematicalcalculation over an entire data segment to arrive at a checksum, whichis appended to the data segment. For stored data, the checksum for thedata segment can be recalculated periodically, and checked against thepreviously calculated checksum appended to the data segment. Fortransmitted data, the checksum is calculated by the transmitter andappended to the data segment. The receiver then recalculates thechecksum for the received data segment, and if it does not match thechecksum appended to the data segment, requests that it beretransmitted.

In 1979, two researchers independently developed a method for splittingdata among multiple recipients called “secret sharing.” One of thecharacteristics of secret sharing is that a piece of data may be splitamong n recipients, but cannot be known unless at least t recipientsshare their data, where n≧t. For example, a trivial form of secretsharing can be implemented by assigning a single random byte to everyrecipient but one, who would receive the actual data byte after it hadbeen bitwise exclusive orred with the random bytes. In other words, fora group of four recipients, three of the recipients would be givenrandom bytes, and the fourth would be given a byte calculated by thefollowing formula:

s′=s⊕r_(a)⊕r_(b)⊕r_(c),

where s is the original source data, r_(a), r_(b), and r_(c) are randombytes given to three of the four recipients, and s′ is the encoded bytegiven to the fourth recipient. The original byte s can be recovered bybitwise exclusive-orring all four bytes together.

The problem of maintaining or reconstructing data stored on a digitalmedium that is subject to damage has also been addressed in the priorart. In particular, Reed-Solomon and Cauchy Reed-Solomon coding are twowell-known methods of dividing encoded information into multiple slicesso that the original information can be reassembled even if all of theslices are not available. Reed-Solomon coding, Cauchy Reed-Solomoncoding, and other data coding techniques are described in “Erasure Codesfor Storage Applications,” by Dr. James S. Plank, which is herebyincorporated by reference.

Schemes for implementing dispersed data storage networks are also knownin the art. In particular, U.S. Pat. No. 5,485,474, issued to Michael O.Rabin, describes a system for splitting a segment of digital informationinto n data slices, which are stored in separate devices. When the datasegment must be retrieved, only m of the original data slices arerequired to reconstruct the data segment, where n>m.

While dispersed data storage networks can theoretically be implementedto provide any desired level of reliability, practical considerationstend to make this impossible in prior art solutions. For example,dispersed data storage networks rely on storage media to store dataslices. This storage media, like all storage media, will degrade overtime. Furthermore, dispersed data storage networks rely on numeroustransmissions to physically disparate slice servers, and data slices maybecome corrupted during transmissions. While TCP utilizes a CRC in everytransmitted packet, the reliability provided by this CRC is notsufficient for critical data storage.

Since April of 2006, Cleversafe, Inc. of Chicago, Ill. has developed anumber of algorithms for rebuilding corrupted or destroyed data storedon a dispersed data storage network. As explained in previousapplications, all of which are referenced by this application, theserebuilders worked by noting the corruption, destruction, orunavailability of a data slice based on a scan of stored data slices, ora failed operation on a data slice. This process is effective, but isnot optimized to deal with instances where a large number of relateddata slices are corrupted or destroyed, such as, for example, when adrive is replaced or destroyed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a network diagram of a dispersed data storage networkconstructed in accordance with an embodiment of the disclosed invention;

FIG. 2 illustrates the use of checksums on a data segment as well as onan arbitrary number of data slices created from the data segment;

FIG. 3 is a flowchart illustrating the process by which a corrupted datasegment can be rebuilt by a dispersed data storage network constructedin accordance with an embodiment of the disclosed invention;

FIGS. 4A-4C collectively illustrate a read operation from a disperseddata storage network constructed in accordance with an embodiment of thedisclosed invention;

FIGS. 5A-5B collectively illustrate a write operation from a disperseddata storage network constructed in accordance with an embodiment of thedisclosed invention;

FIGS. 6A-6B collectively illustrate an automated process by whichcorrupted data slices may be recreated in accordance with an embodimentof the disclosed invention;

FIG. 7 is a flowchart illustrating the high-level operation of a rebuildprocess in accordance with an embodiment of the disclosed invention;

FIG. 8 is a flowchart illustrating a process for discovery of corruptdata occurring during the course of a normal read operation, inaccordance with an embodiment of the disclosed invention;

FIG. 9 is a flowchart illustrating a process for discovery of missing oroutdated slices during the course of a normal read operation, inaccordance with an embodiment of the disclosed invention;

FIG. 10 is a flowchart illustrating a process for discovery of missingslices during the course of a normal write operation, in accordance withan embodiment of the disclosed invention;

FIG. 11 is a flowchart illustrating a data scan that detects corruptdata slices, in accordance with an embodiment of the disclosedinvention;

FIG. 12 is a flowchart illustrating a data scan that detects missing andoutdated data slices, in accordance with an embodiment of the disclosedinvention;

FIG. 13 is an example layout of a rebuild record, which stores theidentities and other information used to manage the record of dataslices that need to be rebuilt;

FIG. 14 is a flowchart illustrating a process that rebuilds missing,outdated, or corrupt data slices, in accordance with an embodiment ofthe disclosed invention;

FIG. 15 is an illustration of data that may be maintained by a rebuildprocess operating in accordance with an embodiment of the disclosedinvention;

FIG. 16 is a network diagram of a dispersed data storage networkconstructed in accordance with an embodiment of the disclosed invention;

FIG. 17 is a flowchart illustrating the high-level operation of arebuild process in accordance with an embodiment of the disclosedinvention;

FIG. 18 is a flowchart illustrating the high-level operation of how adisk failure would be detected and the data slices stored by the diskwould be rebuilt in accordance with an embodiment of the disclosedinvention;

FIG. 19 is a flowchart illustrating the high-level operation of how thedestruction of a slice server or an entire site would be detected andthe data slices maintained by the slice server or site would be rebuiltin accordance with an embodiment of the disclosed invention; and

FIG. 20 is an example layout of a rebuilder layout record especiallyadapted for range based rebuilding.

DETAILED DESCRIPTION OF THE ILLUSTRATED EMBODIMENT

Turning to the Figures, and to FIG. 1 in particular, a distributedcomputer system implementing a dispersed data storage network 100 isshown. An arbitrary number of slice servers 150-162 store data slicessent to them by networked client computers 102, 104, and 106. Asillustrated, a grid access computer 120 allows access to the sliceservers 150-162 by the client computers 102, 104, and 106. In adispersed data storage network, the grid access computer 120 acts as arouter for data sent between a source computer and multiple sliceservers 150-162. It manages transactions at the data segment level. Amanager appliance 122 monitors the activities and status of the gridaccess computer 120 and the slice servers 150-162. The manager appliancereports on statistics and events related to appliance health, networkthroughput, authentication attempts, read and write transaction counts,and rebuilding activities. It notifies users when events that couldsignal a problem occur.

As explained herein, the disclosed invention works to ensure theintegrity of data stored in a dispersed data network not only by usingchecksums on each stored data segment as well as the constituent dataslices, but also by reconstructing compromised data slices as well. Inaccordance with the disclosed invention, the grid access computer 120will calculate a checksum for each data segment to be stored, and appendthe checksum to the data segment prior to slicing. The data segment isthen sliced in accordance with an information dispersal algorithm, andchecksums are calculated and appended to each of the data slices. Thedata slices are then forwarded to slice servers 150-162, where the dataslices are stored.

In addition, the access computer 120 also recreates data slices thathave become corrupted, or were destroyed. If during operation of thedispersed data storage network 100, it is detected that a particulardata slice has been corrupted or destroyed, a different data slice willbe requested from a different slice server 150-162. Assuming thatsufficient non-corrupted data slices exist to successfully reconstructthe original data segment, the reconstructed data segment will bere-sliced, and the corrupted data slice will be replaced with anon-corrupted version. Further, a rebuilder application operating withinthe dispersed data storage network periodically walks through all dataslices stored on the dispersed data storage network. When a corrupteddata slice is found, the rebuilder application identifies the datasegment corresponding to the corrupted data slice, rebuilds theidentified data segment, and rewrites the corrupted slice. Moreover, therebuilder application actively engages in a detection process toidentify corrupted, damaged, missing, and outdated data slices.

FIG. 2 depicts a system 235 that demonstrates the use of a checksum 220on a data segment 230, as well as on the data slices 250-257 that thedata segment 230 was divided into. Assuming that a data segment 230 isbeing written to a dispersed data storage network, a checksum 220 willbe calculated for and appended to the data segment 230, thereby forminga “certified data segment.” The certified data segment 230 will then besliced as one piece of data resulting in data slices 250-257, i.e., whenthe data slices 250-257 are recombined, both the data segment 230 anddata segment checksum 220 will be recovered. A checksum 240-247 is thencalculated for, and appended to each data slice 250-257, forming“certified data slices” 260-267. The certified data slices 260-267 willthen be sent to different slice servers.

FIG. 3 depicts one possible process by which corrupted slices may berecreated. During a read operation of the dispersed data storagenetwork, a client requests a slice from a slice server in step 302. Instep 303, the slice server transmits the requested slice to the client,which calculates a checksum for the requested data slice. In step 304,the calculated checksum is compared to the checksum appended to thestored data slice, and if the two checksums match, the read proceeds asnormal in step 306. However, if the two checksums do not match, theslice server will transmit a message to a rebuilder applicationoperating on the dispersed data storage network indicating that therequested data slice is corrupted in step 308, and return “Failure” tothe querying server. In step 310, the grid access computer determines ifan alternative slice can be read from a different slice server. If analternative slice does not exist, the grid access computer will reportan error in step 312. In step 314, the grid access computer reads thealternative slice.

FIGS. 4A-4C show the process by which a dispersed data storage network,constructed in accordance with the disclosed invention and used inconjunction with the process depicted in FIG. 3, could fulfill a readrequest. In step 402, a read request is received. Contained within theread request will be information sufficient to determine which sliceservers contain applicable data, as well as the minimum number of dataslices that must be retrieved before the requested data can bereconstructed. Further information on one method that can be used toassociate data requests with particular slice servers is contained inUnited States Patent application Ser. No. 11/973,621, entitled“Virtualized Data Storage Vaults On a Dispersed Data Storage Network,”filed on Oct. 9, 2007 and assigned to Cleversafe, Inc. In step 404, thevariable m is initialized to the minimum number of slices required toconstruct the requested data segment. As described herein, for eachsuccessfully received and validated slice, m is decremented.

In step 406, a list of slice servers, each holding a required data slicethat has yet to be received, is assembled. In step 408, the list isordered by any applicable criteria. Further information on criteria bywhich the list may be ordered is contained in United States Patentapplication Ser. No. 11/973,622, entitled “Smart Access to a DispersedData Storage Network,” filed on Oct. 9, 2007 and assigned to Cleversafe,Inc. In step 410, read requests are issued to the first k slice serverson the assembled list, where k is at least equal to m, the minimumnumber of data slices needed to reconstruct the requested data segment,but could be as large as n, the number of data slices that have datarelevant to the requested data segment. In step 412, r data slices arereceived, and in step 414 the number of received data slices r issubtracted from the variable m. In step 416, m is compared to zero, andif m is greater than or equal to zero, execution returns to step 406 andproceeds as normal from there. However, if m is equal to zero, acollection of data transformations may optionally be applied to thereceived slices in step 418. The applied data transformations caninclude decryption, decompression, and integrity checking. In accordancewith the disclosed invention, each data slice includes a cyclicalredundancy check (“CRC”), or other form of checksum appended to the datacontained in the slice. This checksum will be compared against achecksum calculated by the receiving slice server over the received datato ensure that the data was not corrupted during the transmissionprocess.

In step 420, it is determined if the applied data transformations weresuccessful for all of the received data slices. If the applied datatransformations were not successful for some of the received slices, mis incremented by this number in step 422, and execution is resumed atstep 406. The data transformations could fail, for example, if anintegrity check revealed that a received data slice was corrupted.However, if the applied data transformations were successful for allreceived data slices, the received slices are assembled into therequested block of data in step 424. The same or different datatransformations may optionally be applied to the assembled data block instep 426. Step 428 [not on figure] illustrates that the read process iscompleted. In accordance with the disclosed invention, a checksum forthe data segment will be calculated and compared to a checksum appendedto the assembled data segment.

In FIGS. 5A-5B, the process by which a dispersed data storage network,constructed in accordance with the disclosed invention, could write datato a network of slice servers is depicted. In step 502, a data segmentwrite request is received. Included in this write request is informationsufficient to determine which slice servers the data segment should bewritten to, as well as information required by the information dispersalalgorithm to divide the data segment, i.e., the number of slices to bewritten, referred to as n, as well as the minimum number of slices thatare required to recover the data, referred to as m. Further informationon one method that can be used to associate data writes with particularslice servers is contained in U.S. patent application Ser. No.11/973,621, titled “Virtualized Data Storage Vaults On A Dispersed DataStorage Network,” filed on Oct. 9, 2007 and assigned to Cleversafe, Inc.

A number of data transformations may optionally be applied to each blockin step 506, and an information dispersal algorithm is applied in step508. In particular, the Cauchy Reed-Solomon dispersal algorithm could beapplied to the data segment, resulting in a predetermined number of dataslices. In step 510, a number of data transformations are optionallyapplied to each data slice.

In the disclosed system, writes are performed transactionally, meaningthat a minimum number of data slices t must be successfully writtenbefore a write is deemed complete. Normally, the number of data slicesthat must be successfully written will be set to the minimum number ofslices needed to recreate the data. However, this number can beconfigured to a greater number, up to the number of slice servers inuse. This would allow the user to continue using the dispersed datastorage network during a minor network outage where one or more sliceservers are unavailable. Slices that could not be immediatelytransmitted and stored could be queued and transmitted when the networkoutage cleared. In addition, when a data segment is written to thedispersed data storage network, a transaction identifier is assigned andstored along with each written data slice. As explained later, thistransaction identifier is used to ensure that the most recent version ofa data segment has been stored to the dispersed data storage network. Instep 512, a write transaction is initiated to the data storage network.As discussed herein, all slice servers are simultaneously contacted, andin step 514, a confirmation that at least t receiving slice servers areprepared to begin the write transaction, i.e., to store each slice, mustbe received, or the transaction is rolled back in step 516.

In step 520 data slices are transmitted to the slice servers thatindicated their ability to receive and store slices. The number of sliceservers that successfully received and stored their assigned data slicesis checked in step 522, and if less than t slices are successfullystored, the transaction is rolled back in step 516. If the result ofstep 522 is that the stores are successful, then a commit transaction isinitiated in step 524 on all servers with successful writes. Therequired number of servers committed is verified in step 526. If thecommit transaction fails, an error is logged in step 528. Otherwise, thewrite transaction was successful.

FIGS. 6A-6B are a flow chart illustrating an alternative process bywhich corrupted data slices may be recreated. In step 602, a scan ofdata slices is initiated by a rebuilder application operating somewhereon the dispersed data storage network, such as the grid access computer,the monitor appliance, or one or more slice servers. If no corrupteddata slice is found at step 604, the corrupted slice recreation processis exited in step 605. However, if a corrupted slice is detected becauseof a failed integrity check, execution proceeds to step 606, where therebuilder application determines what data segment corresponds to thecorrupted data slice, and reads that data segment from the disperseddata storage network. The rebuilder application then reconstructs thedata segment in step 608. In step 610, the data segment is re-sliced,and the rebuilder application rewrites a non-corrupted version of thecorrupted data slice to the appropriate slice server in step 612. Theprocess exits after the write has been completed.

The rebuilder application is responsible for ensuring that the integrityof all stored data segments is maintained. As such, the rebuilderapplication has access to a data store identifying every data segmentstored by the dispersed data storage network. Note that referring to therebuilder application as singular is solely for convenience; a systemimplementing the disclosed invention could be constructed using multiplerebuilder applications, each responsible for maintaining some subset ofthe stored data segments.

FIG. 7 illustrates the high-level operation of the rebuild process, andin particular, the interactions of the following components of therebuilder application: the rebuild agent, the rebuild recorder, and therebuild detector.

The rebuild agent executes rebuild operations. In order to rebuild adata segment, the following operations are performed: 1) some or all ofthe available data slices for that data segment are read; 2) informationdispersal algorithms are used to obtain a pre-dispersal form of the datasegment; 3) information dispersal algorithms are used to generaterestored versions of the previously missing/corrupted data slices; and4) the restored data slices are written to the appropriate sliceservers. When performing slice write operations, the rebuild agent willindicate the transaction identifier of the slices being written. Theslice servers will use this identifier to ensure that slices are notoverwritten if their transaction identifiers are greater than thosespecified.

The rebuild recorder stores information about data segments that havebeen identified as potentially needing to be rebuilt. This informationis represented using “RebuildRecords.” A RebuildRecord consists of anidentifier associated with the data segment to be rebuilt, thetransaction identifier associated with the data segment to be rebuilt,and the identifiers of the data slices that are associated with the datasegment to be rebuilt. The rebuild recorder is responsible for providingrebuild records to rebuild agents, which actually perform the rebuildingoperation. FIG. 13 depicts one possible implementation of aRebuildRecord. Each RebuildRecord will include one data segment record,which may include a data segment identifier, a transaction identifier,the status of any rebuild operation, a status description for anyrebuild operation, the priority of any rebuild operation, and any otherdata associated with the data segment to be rebuilt. Each RebuildRecordwill also include one or more data slice records, which may include adata slice identifier, the type of rebuild operation, a transactionidentifier, the status of the rebuild operation, and a statusdescription of the rebuild operation. The transaction identifierindicates the transaction on which the data segment or data slice wasstored. Status indicates the progress of the rebuild operation; forexample, PENDING, ACTIVE, COMPLETE, or FAILED. Rebuild type indicateshow a particular data slice was compromised; for example, MISSING,OUTDATED, CORRUPTED, or UNKNOWN.

The rebuild detector actively discovers data slices that have beencompromised in some way. For example, the rebuild detector is able todetect missing and outdated slices by downloading a list of slices fromeach slice server and comparing those lists. The rebuild detector canalso detect corrupted data slices by verifying the checksums of all dataslices. This executes on each slice server in parallel.

In addition, the activities of the rebuild detector, recorder, andrebuild agent generate statistics that are useful in monitoring thehealth of the dispersed data storage network. Examples of suchstatistics are number of RebuildRecords in the list, the time it takesto rebuild one slice, or the number of slices being rebuilt per second.These statistics can then be viewed on the manager appliance, or othersimilar monitoring agent.

In step 701, the rebuild detector is triggered by some mechanism, suchas the expiration of a timer based on configurable parameters related tofrequency of rebuild, idle time in relation to other operations, andother parameters. The rebuild detector utilizes two separate types ofscans.

In step 702, the rebuild detector scans by attempting to read andreconstruct each data segment from its constituent data slices. Duringthe scanning process, the rebuild detector may notice that a particulardata segment has data slices with different transaction identifiers,indicating that one or more of the data slices were not updated during awrite, and therefore, that multiple versions of the same data segmentare stored. The data slices with outdated transaction identifiers willbe identified as compromised. It may also discover missing data slices.If it notes that a particular data slice in a data segment is missing oroutdated, it passes the data slice to the rebuild recorder in step 705.

In step 703, the rebuild detector scans by looking directly at theslices on the slice servers, computing new checksums, and comparing tothe stored checksum. If the computed checksum for a particular dataslice does not match the checksum appended to the data slice, theidentifying information for the data slice will be passed to the rebuildrecorder in step 705.

In step 704, during normal read operations, if a missing, outdated, orcorrupted data slice is read, the data slice identifier corresponding tothe compromised data slice is passed to the rebuild recorder in step705. In addition, during normal write operations, if a data segmentcannot be written to all of the slice servers, the data slices that werenot written are passed to the rebuild recorder in step 705.

In step 705, the rebuild recorder generates the necessary data and formsor updates a RebuildRecord, which is appended to the rebuild list, basedon the compromised data slices it has identified. In step 706, therebuild recorder leases records from the list to a rebuild agent, whichin step 707 rebuilds the data. The rebuilding of the data is done byreading enough slices to reconstitute a data segment, re-slicing thedata segment, and storing the needed slices, resulting in a complete andcorrect data segment.

Concerning the operation of the rebuild agent or agents, a singlerebuild agent could handle all data slice rebuilding for a rebuilderapplication. Alternatively, a new process or thread could be created foreach data slice to be rebuilt. In yet another alternative, a fixedstable of rebuild processes or threads could be spawned or instantiatedwhen the rebuilder application was executed and rebuild records wouldthen be passed to available rebuild agents as they finished rebuilding acompromised data slice.

FIG. 8 depicts a normal read operation from a dispersed data storagenetwork, illustrating in particular the process by which corruptedslices may be discovered during the read. During the read operation, anaccess device requests a slice from a slice server in step 802. In step803, the slice server transmits the requested slice to the accessdevice, which calculates a checksum for the requested data slice. Instep 804, the calculated checksum is compared to the checksum appendedto the stored data slice, and if the two checksums match, the readproceeds as normal in step 806. However, if the two checksums do notmatch, the read operation will pass a message to the rebuilderapplication operating on the dispersed data storage network indicatingthat the requested data slice is corrupted in step 808. The rebuildrecorder in step 809 inserts a RebuildRecord with the requested dataslice's data slice identifier and an indication that the requested dataslice is corrupted into its rebuild list so the identified data slicemay rebuild. In step 810, the grid access computer determines if analternative slice can be read from a different slice server. If analternative slice does not exist, the grid access computer will reportan error in step 812. In step 814, the grid access computer reads thealternative slice.

FIG. 9 depicts a normal read operation from a dispersed data storagenetwork, illustrating in particular the process by which missing andoutdated slices may be discovered. During the read operation, an accessdevice requests a data slice from a slice server in step 901. In step902, the data slice server returns the data slice or an error indicatingthat the requested data slice does not exist. If the requested dataslice does not exist, in step 907 the rebuilder application is notifiedof the missing slice. Otherwise, in step 903, the slice server transmitsthe requested slice to the access device. In step 904, the transactionidentifier of the data slice that was read is compared to thetransaction identifiers of the other data slices that make up the datasegment. If the transaction identifier matches the most recenttransaction identifier of the other data slices used to reconstruct thedata segment, the read proceeds as normal in step 905. However, if thetransaction identifiers do not match, the read operation will pass amessage to the rebuilder application operating on the dispersed datastorage network indicating that the requested data slice is too old instep 908. The rebuild recorder in step 909 inserts or updates aRebuildRecord with the data slice identifier corresponding to theoutdated or missing data slice into its rebuild list so that theoutdated or missing data slice may be rebuilt. In step 910, the gridaccess computer determines if an alternative data slice can be read froma different slice server. If an alternative data slice does not exist,the grid access computer will report an error in step 912. In step 914,the grid access computer reads the alternative data slice.

FIG. 10 depicts a normal write operation to a dispersed data storagenetwork, illustrating in particular the process by which missing slicesmay be recorded during this process. In step 1001, the normal writeprocess begins, initiating concurrent transactional writes to the sliceservers of all the data slices associated with a data segment. If theminimum required number of slice servers cannot be successfully writtenin step 1002, [Step 1002 might need N or Y on arrows pointing to 1003and 1004 to make clear] then in step 1003, the write transaction isrolled back. If, on the other hand, the minimum required number of sliceservers is available, the data slices are written to the available sliceservers. If the required number of data slices were written in step1006, then a commit transaction is initiated in step 1010. If the commitsucceeds on the required number of slice servers in step 1012 then thewrite is successful; otherwise, a write error is returned to the callingprogram in step 1014.

Step 1008 illustrates that if the write operation has determined thatsome number of slice servers was not able to write a data slice for adata segment, then the rebuild recorder is notified in step 1008 so thatthe missing data slices may be written in the future. In step 1009, therebuild recorder inserts or updates a RebuildRecord for each missingdata slice into its rebuild list so that the missing data slices can be“rebuilt” at a later time.

FIG. 11 is a flow chart illustrating one of the scans performed by therebuild detector, namely the scan for corrupted data slices. In step1102, a scan of data slices held by each slice server is initiated by arebuilder application operating somewhere on the dispersed data storagenetwork. Once initiated, each slice server scans its own data slices bycalculating a new checksum for each slice and comparing that checksum tothe checksum appended to the stored data slice. If no corrupted dataslice is found in step 1104, the corrupted slice detection process isexited in step 1105. However, if a corrupted slice is detected becauseof a failed integrity check, execution proceeds to step 1106, where therebuild detector determines what data segment corresponds to thecorrupted data slice, and reports that information to the rebuildrecorder. In step 1108, the rebuild recorder inserts or updates aRebuild Record including the corrupted data slice's information into itsrebuild list.

FIG. 12 is a flow chart illustrating the other scan performed by therebuild detector, namely the scan for missing or outdated data slices.In step 1202, a scan of data slices is initiated by a rebuilderapplication operating somewhere on the dispersed data storage network.The rebuild detector asks each slice server for a list of the dataslices contained on that server. In step 1204, the separate lists areprocessed in tandem with each other so that data slices from each datasegment can be compared. If no missing or outdated data slice is foundin step 1204, the missing or outdated slice detection process is exitedin step 1205. However, if a slice is missing or a slice is determined tobe older than the other slices in the data segment by comparing thetransaction identifiers associated with the data slices, executionproceeds to step 1206, where the rebuilder application reportsinformation necessary to identify any outdated or missing data slices tothe rebuild recorder. In step 1208, the rebuild recorder inserts orupdates Rebuild Records corresponding to the missing or outdated dataslices into its rebuild list so that the identified data slices may berebuilt.

FIG. 13 shows an example Rebuild Record, containing the data used torecord data slices that need to be rebuilt.

FIG. 14 illustrates the rebuilding of missing, outdated, or corrupt dataslices which were detected and recorded in the preceding processes. Therebuild agent is responsible for this activity. In step 1401 a rebuildagent is initiated by a configurable time-based trigger, and requestsdata segments that need to be rebuilt from the rebuild recorder. In step1402 the rebuild recorder responds with said data segments, if anyexist. The data segments are prioritized, with the segments with themost compromised slices being sent first. For each data segment sent, instep 1403 the rebuild agent reads sufficient data slices from the sliceservers to reconstruct the data segment. It then reconstructs the datasegment in step 1404, and re-slices it in step 1406. Since the sameinformation dispersal algorithm is used, the missing, outdated, orcorrupt slices are recreated exactly as they were or would have beenoriginally. In step 1408, the missing, outdated, or corrupt data slicesare written to the appropriate slice servers. When this is complete, therebuild agent returns the results to the rebuild recorder so the rebuildrecorder in step 1410 can make its list up to date. It deletes rebuildrecords that were successfully rebuilt. It un-leases the records whichwere not successfully rebuilt so that they will be provided again in thenext iteration of the rebuild agent process.

FIG. 15 illustrates the specific operation of the rebuild detector. Asdepicted, data concerning five data segments has been gathered by therebuild detector, which actively queries slice servers about datasegments which the slice servers store. Table 1 shows the transactionidentifier associated with data slices held by three slice servers forfive separate data segments. Further, for the depicted system, at leasttwo data slices are required to rebuild a data segment. Rows 1512, 1514,1516, 1518, and 1520 correspond to the stored data segments, and columns1502, 1504, and 1506 correspond to the slice servers holding the dataslices. For data segment 0, which is depicted by row 1512, the dataslices stored by all three slice servers were stored during transaction100, and therefore, the transaction identifier associated with each dataslice is 100. As none of these data slices are outdated or missing, noneof these data slices will be noted as compromised. However, in regardsto data segment 1, slice servers A and C hold data slices that werewritten during transaction 99, while slice server B holds no data sliceat all. This may have occurred because an extended outage prevented thedata slice from being written at all, or the portion of a hard diskholding the data slice may have failed. Accordingly, the data slice thatshould have been held by slice server B is noted as compromised andadded to the rebuild list. It may further be marked as missing asopposed to outdated or corrupted.

Data segment 2, which is represented by row 1516, also has no outdated,missing, or corrupted data slices, and therefore, no entry will be madein the rebuild list corresponding to data segment 2. However, in regardsto data segment 3, which is represented by row 1518, the data slicestored by slice server C was stored during transaction 100, while thedata slices stored by slice servers A and B were stored duringtransaction 101. Accordingly, the data slice stored by slice server C islikely outdated, and is added to the rebuild list.

Data segment 4 illustrates a case where a stored data segment cannotnecessarily be rebuilt. In this case, the data slice stored by sliceserver A was stored during transaction 102, while the data slice storedby slice server B was stored during transaction 99. In addition, thedata slice held by slice server C has become corrupted. As a minimum oftwo data slices are required to reconstruct a data segment in thisexample, and only one fully updated data slice is available, it ispossible that data segment 4 may no longer be re-buildable. Nonetheless,as two data slices are available, albeit one of them may be outdated, arebuild operation will be attempted. As with all rebuilt data segments,after a data segment is reconstructed using the correct informationdispersal algorithm, the checksum of the rebuilt data segment iscomputed and checked against the checksum appended to the data segment.Assuming the checksums match, the data segment is intact, and it will bere-sliced, and the transaction number for each data slice set to themost recent transaction, i.e., 102 in this case.

As illustrated, the process of detecting missing and outdated dataslices involves comparing the data slices stored by each slice server.As the number of stored data segments may be extremely large, a completerepresentation of every stored data slice may be too large to hold inmemory. Thus multiple iterations, each producing a partial list ofstored data slices, may be required in order to process all storedslices. Such a process would proceed on a data segment by data segmentbasis, with information about all data slices comprising some number ofparticular data segments being pulled and analyzed during eachiteration.

During operation of a dispersed data storage network an event may occurwhere a large number of related data slices are simultaneouslydestroyed, corrupted, or otherwise rendered permanently unusable.Examples of such events are depicted in FIG. 16. FIG. 16 depicts adispersed data storage network including a number of data storage sites1624 and 1632 each comprising a number of slice servers. 1602-1612 infigure, not in text For example, data storage site 1624 includes sliceservers 1618, 1620, and 1622. In addition, as depicted, each sliceserver has access to four drives; for example, slice server 1618 hasaccess to four drives labeled disk drive 1 through disk drive 4. Notethat these drives could be integrated into the server, or could beexternal drives accessible via a data connection, such as a USBconnection, or a network connection. Furthermore, any number of drivescould be accessed by any slice server, and four drives are depicted onlyfor illustrative purposes. It should be noted that each drivepotentially holds millions of data slices. In one embodiment of thedisclosed invention, each slice is assigned a sequential sliceidentifier, with a range of data slices being uniquely assigned to adrive; for example, a drive could hold data slices with identifiers 0through 1,000,000. In a separate embodiment of the disclosed invention,slices stored on a particular drive need not be identified usingsequential identifiers. However, a database, which could be storedanywhere within the dispersed data storage network, would relate sliceidentifiers to slice servers as well as particular disks.

Site 1 1624 depicts two potential scenarios where a large number ofrelated data slices are rendered inaccessible. Slice server 1618 has anumber of drives 1614 associated with it. As depicted, four drives areshown associated with slice server 1618. These drives could beincorporated within the server, or merely accessible by the server.Further, the number four is arbitrary, and any reasonable number ofdrives could accessible by any slice server.

In one possible scenario disk drive 2, which is accessible by sliceserver 1618, has been rendered inaccessible by an event, such as, forexample, drive failure or switching out the drive. In this example, alldata slices stored by disk drive 2 are inaccessible, and a rebuilderapplication operating on the dispersed data storage network is notifiedof the inaccessibility of the data slices stored on disk drive 2. In asecond scenario, slice server 1620 has been rendered permanentlyinaccessible by an event, such as, for example, an electrical fire. Inthis scenario, a rebuilder application operating on the dispersed datastorage network is notified of the inaccessibility of all data slicesstored on the slice server 1620.

FIG. 16 depicts one additional scenario that would render a large numberof data slices inaccessible. This additional scenario is the destructionof an entire storage site 1632. In this scenario, a rebuilderapplication operating on the dispersed data storage network is notifiedof the inaccessibility of all data slices stored by the storage site1632. While three potential scenarios rendering a large number of dataslices inaccessible are depicted in FIG. 16, these are shown only forillustrative purposes, and should not be construed as limiting theinvention in any way.

FIG. 17 depicts the high-level operation of the rebuilder as optimizedin accordance with the disclosed invention. In this embodiment of thedisclosed invention, the rebuilder operates identically to thedisclosure of FIG. 7, with the addition of step 1702, where aninaccessible disk, slice server, or site is detected. As previouslydiscussed, the disk, slice server, or site could have been destroyed orotherwise compromised so as to render the stored or maintained dataslices inaccessible. As in the earlier disclosed version of therebuilder, identifiers corresponding to the data slices associated withthe inaccessible disk, slice server, or site are added to a rebuild listin step 705, and the remainder of the rebuilder's operation is asspecified earlier in FIG. 7 and its accompanying text.

FIG. 18 illustrates the process by which the data slices stored by aninaccessible drive may be captured and added to a rebuild list. In step1802, a slice server discovers that a disk drive has becomeinaccessible. The slice server then calculates the range or set ofslices that have become inaccessible in step 1804. The slice servergenerates a message informing the rebuild recorder of the inaccessibleslices in step 1806, and in step 1808, the rebuild recorder notes theinaccessible slices and rebuilding proceeds as normal.

FIG. 19 illustrates the process by which the data slices stored by aninaccessible site may be captured and added to a rebuild list. In step1902, a manager or program, such as the rebuild detector, notes that aslice server, multiple slice servers, or an entire site have becomeinaccessible. In step 1904, the set or sets of slices that were lost arecalculated, and in step 1906, the rebuild recorder is informed of theslices that were lost. The rebuild process proceeds as normal in step1908.

FIG. 20 illustrates a possible record layout for a rebuild record thatrepresents a range of data segments, instead of one data segment. Such arebuild record would be assembled from the activities described above,such as, for example, (1) a slice server notifying the rebuilder of oneor more unusable slices, (2) a client or grid access computer notifyingthe rebuilder of one or more unusable slices, or (3) a manager notifyingthe rebuilder of an incident destroying a slice server or an entiresite, along with the warehoused data slices. As noted in FIG. 20, in theillustrated embodiment a rebuild record comprises one data segmentrecord and one or more data slice records, with the data slice recordsrepresenting the data slices required to assemble the data segmentrepresented by the data segment record. The structure of the rebuildrecord is identical to that discussed above regarding FIG. 13, with theexception that “start data segment identifier” and “end data segmentidentifier” are used in place of “data segment identifier” so that arange of data segments can be represented.

The foregoing description of the invention has been presented forpurposes of illustration and description, and is not intended to beexhaustive or to limit the invention to the precise form disclosed. Thedescription was selected to best explain the principles of the inventionand practical application of these principles to enable others skilledin the art to best utilize the invention in various embodiments andvarious modifications as are suited to the particular use contemplated.It is intended that the scope of the invention not be limited by thespecification, but be defined by the claims set forth below.

What is claimed is:
 1. A method for execution by one or more computers associated with a dispersed data storage network, the method comprises: identifying, by a first rebuilder application operating on a first slice server, a data slice having a storage error; identifying, by the first rebuilder application or by a second rebuilder application operating on the second slice server, a data segment based on the identified data slice, wherein the data segment was encoded in accordance with an information dispersal function to produce a set of data slices, which includes the identified data slice; identifying, by the second rebuilder application operating on the second slice server, one or more other slice servers that are storing other data slices of the set of data slices; retrieving, by the second rebuilder application operating on the second slice server from the one or more other slice servers, a sufficient number of the other data slices to reconstruct the data segment; decoding, by the second rebuilder application operating on the second slice server, the sufficient number of the other data slices in accordance with the information dispersal function to reconstruct the data segment; encoding, by the second rebuilder application operating on the second slice server, the reconstructed data segment in accordance with the information dispersal algorithm to produce a new set of data slices; and selecting, by the second rebuilder application operating on the second slice server, a data slice of the new set of data slices as a rebuilt data slice of the identified data slice.
 2. The method of claim 1 further comprises: outputting, by the second rebuilder application operating on the second slice server, the rebuilt data slice to the first slice server for storage therein.
 3. The method of claim 1, wherein the identifying the data slice comprises: performing, by a rebuild detector of the first or second rebuilder application, a storage error detection process to identify the storage error, wherein the storage error is one of: a missing data slice, an outdated data slice, and a corrupted data slice.
 4. The method of claim 1, wherein the identifying the data segment comprises: generating, by a rebuild recorder of the first or second rebuilder application, a rebuild record based on the identified data slice, wherein the rebuild record includes one or more of: an identifier of the identified data slice, an identifier associated with the data segment, a transaction identifier associated with the data segment, and identifiers of the other data slices.
 5. The method of claim 1 further comprises: releasing, by a rebuild recorder of the second rebuilder application, a rebuild record regarding the identified data slice and the data segment to a rebuild agent of the second rebuilder application; decoding, by the rebuild agent, the sufficient number of the other data slices by: arranging the sufficient number of other data slices into a reconstructed coded matrix; and decoding the reconstructed coded matrix using a decoding matrix function in accordance with the information dispersal algorithm to reconstruct the data segment; and encoding, by a rebuild agent, the reconstructed data segment by: arranging the reconstructed data segment into the data matrix; encoding the data matrix using an encoding matrix function in accordance with the information dispersal algorithm to produce a coded matrix; and arranging the coded matrix into the new set of data slices.
 6. A method for execution by one or more computers associated with a dispersed data storage network, the method comprises: identifying, by a plurality of rebuilder applications operating on the one or more computers, a plurality of data slices having storage errors; allocating a first set of the plurality of data slices having storage errors to a first rebuilder application of the plurality of rebuilder applications; allocating a second set of the plurality of data slices having storage errors to a second rebuilder application of the plurality of rebuilder applications; for a first data slice of the first set of the plurality of data slices: identifying, by the first rebuilder application, a first data segment based on the first data slice, wherein the first data segment was encoded in accordance with an information dispersal function to produce a first set of data slices, which includes the first data slice; identifying, by the first rebuilder application, one or more other slice servers that are storing other data slices of the first set of data slices; retrieving, by the first rebuilder application from the one or more other slice servers, a sufficient number of the other data slices to reconstruct the data segment; decoding, by the first rebuilder application, the sufficient number of the other data slices in accordance with the information dispersal function to reconstruct the first data segment; encoding, by the first rebuilder application, the reconstructed first data segment in accordance with the information dispersal algorithm to produce a new first set of data slices; and selecting, by the first rebuilder application, a data slice of the new first set of data slices as a rebuilt first data slice of the first data slice.
 7. The method of claim 6 further comprises: for a second data slice of the second set of the plurality of data slices: identifying, by the second rebuilder application, a second data segment based on the second data slice, wherein the second data segment was encoded in accordance with the information dispersal function to produce a second set of data slices, which includes the second data slice; identifying, by the second rebuilder application, another one or more other slice servers that are storing second other data slices of the second set of data slices; retrieving, by the second rebuilder application from the other one or more other slice servers, a sufficient number of the second other data slices to reconstruct the second data segment; decoding, by the second rebuilder application, the sufficient number of the second other data slices in accordance with the information dispersal function to reconstruct the second data segment; encoding, by the second rebuilder application, the reconstructed second data segment in accordance with the information dispersal algorithm to produce a new second set of data slices; and selecting, by the second rebuilder application, a data slice of the new second set of data slices as a rebuilt second data slice of the second data slice.
 8. The method of claim 6 further comprises: allocating the first set of the plurality of data slices having storage errors to the first rebuilder application based on data slices falling within a first address range; and allocating the second set of the plurality of data slices having storage errors to the second rebuilder application based on data slices falling within a first address range.
 9. A dispersed data storage network comprises: a first slice server that includes: a first network interface for interfacing with a network; first memory for storing first data slices and for storing a first rebuilder application; and a first central processing unit operable to execute the first rebuilder application; and a second slice server that includes: a second network interface for interfacing with the network; second memory for storing second data slices and for storing a second rebuilder application; and a second central processing unit operable to execute the second rebuilder application, wherein, when the first and second central processing units are executing the first and second rebuilder applications: the first rebuilder application identifies a data slice of the first data slices to produce an identified data slice, wherein the identified data slice has a storage error; the first rebuilder application or the second rebuilder application identifies a data segment based on the identified data slice, wherein the data segment was encoded in accordance with an information dispersal function to produce a set of data slices, which includes the identified data slice; the second rebuilder application: identifies one or more other slice servers that are storing other data slices of the set of data slices; retrieves, from the one or more other slice servers, a sufficient number of the other data slices to reconstruct the data segment; decodes the sufficient number of the other data slices in accordance with the information dispersal function to reconstruct the data segment; encodes the reconstructed data segment in accordance with the information dispersal algorithm to produce a new set of data slices; and selects a data slice of the new set of data slices as a rebuilt data slice of the identified data slice.
 10. The dispersed data storage network of claim 9 further comprises: the second rebuilder application outputting the rebuilt data slice to the first slice server for storage therein.
 11. The dispersed data storage network of claim 9, wherein the first rebuilder application identifies the data slice by: performing, by a rebuild detector of the first rebuilder application, a storage error detection process to identify the storage error, wherein the storage error is one of: a missing data slice, an outdated data slice, and a corrupted data slice.
 12. The dispersed data storage network of claim 9, wherein the first or second rebuilder application identifies the data segment by: generating, by a rebuild recorder of the first or second second rebuilder application, a rebuild record based on the identified data slice, wherein the rebuild record includes one or more of: an identifier of the identified data slice, an identifier associated with the data segment, a transaction identifier associated with the data segment, and identifiers of the other data slices.
 13. The dispersed data storage network of claim 9 further comprises: releasing, by a rebuild recorder of the second rebuilder application, a rebuild record regarding the identified data slice and the data segment to a rebuild agent of the second rebuilder application; decoding, by the rebuild agent, the sufficient number of the other data slices by: arranging the sufficient number of other data slices into a reconstructed coded matrix; and decoding the reconstructed coded matrix using a decoding matrix function in accordance with the information dispersal algorithm to reconstruct the data segment; and encoding, by a rebuild agent, the reconstructed data segment by: arranging the reconstructed data segment into the data matrix; encoding the data matrix using an encoding matrix function in accordance with the information dispersal algorithm to produce a coded matrix; and arranging the coded matrix into the new set of data slices. 